SECURITY FIX see bug 108516: Due to trusting of passed form fields that…

post_bug.cgi

@@ -103,10 +103,7 @@ if ($::FORM{'assigned_to'} eq "") {
     $::FORM{'assigned_to'} = DBNameToIdAndCheck($::FORM{'assigned_to'});
 }
 
-$::FORM{'reporter'} = DBNameToIdAndCheck($::FORM{'reporter'});
-
-
-my @bug_fields = ("reporter", "product", "version", "rep_platform",
+my @bug_fields = ("product", "version", "rep_platform",
                   "bug_severity", "priority", "op_sys", "assigned_to",
                   "bug_status", "bug_file_loc", "short_desc", "component",
                   "target_milestone");
@@ -145,7 +142,6 @@ if (!exists $::FORM{'target_milestone'}) {
 
 if ( Param("strictvaluechecks") ) {
     GetVersionTable();  
-    CheckFormField(\%::FORM, 'reporter');
     CheckFormField(\%::FORM, 'product', \@::legal_product);
     CheckFormField(\%::FORM, 'version', \@{$::versions{$::FORM{'product'}}});
     CheckFormField(\%::FORM, 'target_milestone',
@@ -174,7 +170,7 @@ if (exists $::FORM{'bug_status'} && $::FORM{'bug_status'} ne $::unconfirmedstate
 }
 
 my $query = "INSERT INTO bugs (\n" . join(",\n", @used_fields) . ",
-creation_ts, groupset)
+reporter, creation_ts, groupset)
 VALUES (
 ";
 
@@ -204,7 +200,7 @@ $comment = trim($comment);
 # OK except for the fact that it causes e-mail to be suppressed.
 $comment = $comment ? $comment : " ";
 
-$query .= "now(), (0";
+$query .= "$::userid, now(), (0";
 
 foreach my $b (grep(/^bit-\d*$/, keys %::FORM)) {
     if ($::FORM{$b}) {
@@ -251,7 +247,7 @@ SendSQL("select LAST_INSERT_ID()");
 my $id = FetchOneColumn();
 
 SendSQL("INSERT INTO longdescs (bug_id, who, bug_when, thetext) VALUES " .
-        "($id, $::FORM{'reporter'}, now(), " . SqlQuote($comment) . ")");
+        "($id, $::userid, now(), " . SqlQuote($comment) . ")");
 
 foreach my $person (keys %ccids) {
     SendSQL("insert into cc (bug_id, who) values ($id, $person)");